<?php
/*
+-----------------------------------------------------------------------------+
| $Id: *.php 2009-08-18 08:41:22Z Bleakwind $
| Copyright (c) 2003-2010 Bleakwind (www.weaverdream.com)
| http://www.weaverdream.com/
+-----------------------------------------------------------------------------+
*/

if (!defined( 'ENTRY_INDEX')){
    echo "<h1>Forbidden</h1><p>You don't have permission to access on this server.</p>";
    exit;
}

if (!preg_match("/^[1-9][0-9]{0,10}$/", $sys->get['attach_id'])) {
    $sys->prompt("failed",$LANGUAGE['s']['attach']['attach_id_empty']."<!-- attach_id_empty -->");
} else {
    if( preg_match("/^[1-9][0-9]{0,18}$/",$sys->get['topic_id']) ){
        $sql = "SELECT post_attach.*, topic.id as topic_id, topic.if_del as topic_if_del, post.id as post_id
                FROM ".DB_TABLE_POST_ATTACH." post_attach
                    LEFT JOIN ".DB_TABLE_POST." post ON post.id=post_attach.post_id
                    LEFT JOIN ".DB_TABLE_TOPIC." topic ON topic.id=post.topic_id
                WHERE post.topic_id=".$sys->get['topic_id']." AND post_attach.id=".$sys->get['attach_id'];
        $result = &$db->Execute($sql);
        if (!$result) {
            $sys->prompt("failed",$db->ErrorMsg()."<!-- ErrorMsg -->");
        } else {
            if ($result->EOF) {
                $sys->prompt("failed",$LANGUAGE['s']['attach']['attach_id_not_exist']."<!-- attach_id_not_exist -->");
            } else {
                $attach_info = array(
                        'id'            => $result->fields['id'],
                        'dir'           => $result->fields['dir'],
                        'filename'      => $result->fields['filename'],
                        'brief'         => $result->fields['brief'],
                        'watermark'     => $result->fields['watermark'],
                        'post_id'       => $result->fields['post_id'],
                        'member_id'     => $result->fields['member_id'],
                        'time'          => $result->fields['time'],
                        'down'          => $result->fields['down'],

                        'topic_id'      => $result->fields['topic_id'],
                        'topic_if_del'  => $result->fields['topic_if_del'],
                        'post_id'       => $result->fields['post_id'],
                );
                if( !preg_match("/^[1-9][0-9]{0,18}$/",$attach_info['topic_id']) ){
                    $sys->prompt("failed",$LANGUAGE['s']['attach']['topic_id_not_exist']."<!-- topic_id_not_exist -->");
                } elseif ($attach_info['topic_if_del'] == "1") {
                    $sys->prompt("failed",$LANGUAGE['s']['attach']['topic_id_already_del']."<!-- topic_id_not_exist -->");
                } elseif (!preg_match("/^[1-9][0-9]{0,10}$/", $attach_info['id'])) {
                    $sys->prompt("failed",$LANGUAGE['s']['attach']['attach_id_not_exist']."<!-- attach_id_not_exist -->");
                } else {
                    $CONFIGURE['common']['if_output_template'] = "0";
                    include_once './lib/class/bwanydown.class.php';
                    $bwad = new bwanydown();
                    $bwad->download("./".$SETTING['dir_post_attach']."/".$attach_info['dir'].$attach_info['filename'], $attach_info['brief']);
                }
            }
        }
        
    } elseif( preg_match("/^[1-9][0-9]{0,18}$/",$sys->get['post_id']) ){
        $sql = "SELECT post_attach.*, topic.id as topic_id, topic.if_del as topic_if_del, post.id as post_id
                FROM ".DB_TABLE_POST_ATTACH." post_attach
                    LEFT JOIN ".DB_TABLE_POST." post ON post.id=post_attach.post_id
                    LEFT JOIN ".DB_TABLE_TOPIC." topic ON topic.id=post.topic_id
                WHERE post.id=".$sys->get['post_id']." AND post_attach.id=".$sys->get['attach_id'];
        $result = &$db->Execute($sql);
        if (!$result) {
            $sys->prompt("failed",$db->ErrorMsg()."<!-- ErrorMsg -->");
        } else {
            if ($result->EOF) {
                $sys->prompt("failed",$LANGUAGE['s']['attach']['attach_id_not_exist']."<!-- attach_id_not_exist -->");
            } else {
                $attach_info = array(
                        'id'            => $result->fields['id'],
                        'dir'           => $result->fields['dir'],
                        'filename'      => $result->fields['filename'],
                        'brief'         => $result->fields['brief'],
                        'watermark'     => $result->fields['watermark'],
                        'post_id'       => $result->fields['post_id'],
                        'member_id'     => $result->fields['member_id'],
                        'time'          => $result->fields['time'],
                        'down'          => $result->fields['down'],

                        'topic_id'      => $result->fields['topic_id'],
                        'topic_if_del'  => $result->fields['topic_if_del'],
                        'post_id'       => $result->fields['post_id'],
                );
                if( !preg_match("/^[1-9][0-9]{0,18}$/",$attach_info['topic_id']) ){
                    $sys->prompt("failed",$LANGUAGE['s']['attach']['topic_id_not_exist']."<!-- topic_id_not_exist -->");
                } elseif ($attach_info['topic_if_del'] == "1") {
                    $sys->prompt("failed",$LANGUAGE['s']['attach']['topic_id_already_del']."<!-- topic_id_not_exist -->");
                } elseif (!preg_match("/^[1-9][0-9]{0,10}$/", $attach_info['id'])) {
                    $sys->prompt("failed",$LANGUAGE['s']['attach']['attach_id_not_exist']."<!-- attach_id_not_exist -->");
                } else {
                    $CONFIGURE['common']['if_output_template'] = "0";
                    include_once './lib/class/bwanydown.class.php';
                    $bwad = new bwanydown();
                    $bwad->download("./".$SETTING['dir_post_attach']."/".$attach_info['dir'].$attach_info['filename'], $attach_info['brief']);
                }
            }
        }
        
    } elseif( preg_match("/^[1-9][0-9]{0,10}$/",$MEMBER['id']) ){
        $sql = "SELECT *
                FROM ".DB_TABLE_POST_ATTACH."
                WHERE post_id=0 AND member_id=".$MEMBER['id']." AND id=".$sys->get['attach_id'];
        $result = &$db->Execute($sql);
        if (!$result) {
            $sys->prompt("failed",$db->ErrorMsg()."<!-- ErrorMsg -->");
        } else {
            if ($result->EOF) {
                $sys->prompt("failed",$LANGUAGE['s']['attach']['attach_id_not_exist']."<!-- attach_id_not_exist -->");
            } else {
                $attach_info = array(
                        'id'            => $result->fields['id'],
                        'dir'           => $result->fields['dir'],
                        'filename'      => $result->fields['filename'],
                        'brief'         => $result->fields['brief'],
                        'watermark'     => $result->fields['watermark'],
                        'post_id'       => $result->fields['post_id'],
                        'member_id'     => $result->fields['member_id'],
                        'time'          => $result->fields['time'],
                        'down'          => $result->fields['down'],
                );
                if (!preg_match("/^[1-9][0-9]{0,10}$/", $attach_info['id'])) {
                    $sys->prompt("failed",$LANGUAGE['s']['attach']['attach_id_not_exist']."<!-- attach_id_not_exist -->");
                } else {
                    $CONFIGURE['common']['if_output_template'] = "0";
                    include_once './lib/class/bwanydown.class.php';
                    $bwad = new bwanydown();
                    $bwad->download("./".$SETTING['dir_post_attach']."/".$attach_info['dir'].$attach_info['filename'], $attach_info['brief']);
                }
            }
        }
    } else {
        $sys->prompt("failed",$LANGUAGE['s']['attach']['attach_id_not_exist']."<!-- attach_id_not_exist -->");
    }
}
?>
